Packet processing method and system, and network device

ABSTRACT

The present invention provides a packet processing method and system, and a network device. The method includes: receiving, by a first network device, a packet, where the packet includes match object information and match condition information; determining, by the first network device, a to-be-matched second network device according to the match object information, where the second network device includes one or more network devices; matching, by the first network device, device information of the second network device with the match condition information; and performing, by the first network device, forwarding processing or discarding processing on the packet according to a match result of matching the device information of the second network device with the match condition information. By using the method provided in the present invention, excessive occupation of network bandwidth can be reduced, and network resources can be saved.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.15/933,318, filed on Mar. 22, 2018, which is a continuation ofInternational Application No. PCT/CN2015/090474, filed on Sep. 23, 2015.All of the afore-mentioned patent applications are hereby incorporatedby reference in their entireties.

TECHNICAL FIELD

The present invention relates to the field of communicationstechnologies, and specifically, to a packet processing method andsystem, and a network device.

BACKGROUND

With development of network technologies, it is common that a networkdevice forwards a packet in a flooding manner. For example, in anIntermediate System to Intermediate System (IS-IS) protocol network,each network device needs to create a link state packet (LSP)information base, and then the network device floods LSP information toall neighboring devices. For another example, the Internet EngineeringTask Force currently proposes a concept of a self-organizing networktechnology. In a self-organizing network, a function of a conventionalnetwork management system may be automatically completed by means ofinteraction between network devices, so as to reduce network operationand maintenance costs on the whole. In the self-organizing networktechnology, a concept of intent is proposed. intent information mayinclude one or more network policies. In an ideal intent informationdistribution mechanism, intent information can be entered on any networkdevice, and then the network device automatically distributes the intentinformation to another network device. In an existing manner, forexample, in the example of the self-organizing network technology, whendistributing the intent information, a network device also distributesthe intent information to another neighboring device in the network in aflooding manner. However, generally, not all devices in the network needto receive the flooded packet, and this distribution manner of floodinga packet in an entire network causes waste of network bandwidthresources.

SUMMARY

Embodiments of the present invention provide a packet processing methodand system, and a network device, so as to resolve a prior-art technicalproblem that network bandwidth resources are wasted because a networkdevice sends a packet to another device in a network in a floodingmanner.

According to a first aspect, an embodiment of the present inventionprovides a packet processing method, including:

receiving, by a first network device, a packet, where the packetincludes match object information and match condition information;

determining, by the first network device, a to-be-matched second networkdevice according to the match object information, where the secondnetwork device includes one or more network devices;

matching, by the first network device, device information of the secondnetwork device with the match condition information; and

performing, by the first network device, forwarding processing ordiscarding processing on the packet according to a match result ofmatching the device information of the second network device with thematch condition information.

Optionally, the second network device is a neighboring device of thefirst network device, and correspondingly, the matching, by the firstnetwork device, device information of the second network device with thematch condition information includes:

matching, by the first network device, device information of theneighboring device of the first network device with the match conditioninformation.

Optionally, the second network device is the first network device, andcorrespondingly, the matching, by the first network device, deviceinformation of the second network device with the match conditioninformation includes:

matching, by the first network device, device information of the firstnetwork device with the match condition information.

Optionally, the performing, by the first network device, forwardingprocessing on the packet according to a match result of matching thedevice information of the second network device with the match conditioninformation includes:

when determining that a neighboring device that is of the first networkdevice and that matches the match condition information exists,forwarding, by the first network device, the packet to the neighboringdevice that is of the first network device and that matches the matchcondition information.

Optionally, the performing, by the first network device, discardingprocessing on the packet according to a match result of matching thedevice information of the second network device with the match conditioninformation includes:

when determining that no neighboring device that is of the first networkdevice and that matches the match condition information exists,performing, by the first network device, discarding processing on thepacket.

Optionally, the packet further includes action entry information; theaction entry information includes: when the device information of thesecond network device matches the match condition information, aprocessing manner of the first network device for the packet is aprocessing manner of forwarding processing; and correspondingly, theperforming, by the first network device, forwarding processing on thepacket according to a match result of matching the device information ofthe second network device with the match condition information includes:

when determining that a neighboring device that is of the first networkdevice and that matches the match condition information exists,forwarding, by the first network device according to the action entryinformation, the packet to the neighboring device that is of the firstnetwork device and that matches the match condition information.

Optionally, the packet further includes action entry information; theaction entry information includes: when no second network device thatmatches the match condition information exists, a processing manner ofthe first network device for the packet is a processing manner ofdiscarding processing; and correspondingly, the performing, by the firstnetwork device, discarding processing on the packet according to a matchresult of matching the device information of the second network devicewith the match condition information includes:

when determining that no neighboring device that is of the first networkdevice and that matches the match condition information exists,performing, by the first network device, discarding processing on thepacket according to the action entry information.

Optionally, the performing, by the first network device, forwardingprocessing on the packet according to a match result of matching thedevice information of the second network device with the match conditioninformation includes:

when determining that the device information of the first network devicematches the match condition information, forwarding, by the firstnetwork device, the packet to at least one neighboring device of thefirst network device.

Optionally, the performing, by the first network device, discardingprocessing on the packet according to a match result of matching thedevice information of the second network device with the match conditioninformation includes:

when determining that the device information of the first network devicedoes not match the match condition information, performing, by the firstnetwork device, discarding processing on the packet.

Optionally, the packet further includes action entry information; theaction entry information includes: when the device information of thesecond network device matches the match condition information, aprocessing manner of the first network device for the packet is aprocessing manner of forwarding processing; and correspondingly, theperforming, by the first network device, forwarding processing on thepacket according to a match result of matching the device information ofthe second network device with the match condition information includes:

when determining that the device information of the first network devicematches the match condition information, forwarding, by the firstnetwork device, the packet to at least one neighboring device of thefirst network device according to the action entry information.

Optionally, the packet further includes action entry information; theaction entry information includes: when the device information of thesecond network device does not match the match condition information, aprocessing manner of the first network device for the packet is aprocessing manner of discarding processing; and correspondingly, theperforming, by the first network device, discarding processing on thepacket according to a match result of matching the device information ofthe second network device with the match condition information includes:

when determining that the device information of the first network devicedoes not match the match condition information, performing, by the firstnetwork device, discarding processing on the packet according to theaction entry information.

Optionally, the match condition information includes device roleinformation; correspondingly, the device information of the secondnetwork device includes device role information of the second networkdevice; and the matching, by the first network device, deviceinformation of the second network device with the match conditioninformation includes:

matching, by the first network device, the device role information ofthe second network device with the match condition information.

Optionally, the match condition information includes protocol roleinformation; correspondingly, the device information of the secondnetwork device includes protocol role information of the second networkdevice; and the matching, by the first network device, deviceinformation of the second network device with the match conditioninformation includes:

matching, by the first network device, the protocol role information ofthe second network device with the match condition information.

Optionally, the second network device is the first network device, thepacket further includes intent information, the intent informationincludes network policy information, and the method further includes:

executing, by the first network device according to the intentinformation, a network policy corresponding to the network policyinformation.

Optionally, the match condition information includes at least two typesof device information, the packet further includes an indication flag,the indication flag is used to instruct the first network device toselect device information between which and the device information ofthe second network device matching is to be performed, and the selecteddevice information is one or more of protocol role information, devicerole information, or device performance information.

Optionally, the packet further includes a first group of matchinformation and a second group of match information, the first group ofmatch information and the second group of match information each includematch object information and match condition information, andcorrespondingly, the packet further includes a match indication flag,where the match indication flag is used to instruct the first networkdevice to use the first group of match information and the second groupof match information, or the match indication information is used toinstruct to: when match condition information in at least two groups ofmatch information is matched, select a processing manner correspondingto the matched match condition information to process the packet.

According to a second aspect, an embodiment of the present inventionprovides a first network device, including:

a receiving unit, configured to receive a packet, where the packetincludes match object information and match condition information;

a determining unit, configured to determine a to-be-matched secondnetwork device according to the match object information, where thesecond network device includes one or more network devices;

a match unit, configured to match device information of the secondnetwork device with the match condition information; and

a processing unit, configured to perform forwarding processing ordiscarding processing on the packet according to a match result ofmatching the device information of the second network device with thematch condition information.

Optionally, the second network device is a neighboring device of thefirst network device, and correspondingly, that the match unit matchesdevice information of the second network device with the match conditioninformation includes:

matching device information of the neighboring device of the firstnetwork device with the match condition information.

Optionally, the second network device is the first network device, andcorrespondingly, that the match unit matches device information of thesecond network device with the match condition information includes:

matching device information of the first network device with the matchcondition information.

Optionally, that the processing unit performs forwarding processing onthe packet according to a match result of matching the deviceinformation of the second network device with the match conditioninformation includes:

when the match unit determines that a neighboring device that is of thefirst network device and that matches the match condition informationexists, forwarding, by the processing unit, the packet to theneighboring device that is of the first network device and that matchesthe match condition information.

Optionally, the packet further includes action entry information; theaction entry information includes: when the device information of thesecond network device matches the match condition information, aprocessing manner of the first network device for the packet is aprocessing manner of forwarding processing; and correspondingly, thatthe processing unit performs forwarding processing on the packetaccording to the match result from the match unit includes:

when the match unit determines that a neighboring device that is of thefirst network device and that matches the match condition informationexists, forwarding the packet to the neighboring device that is of thefirst network device and that matches the match condition information.

Optionally, that the processing unit performs forwarding processing onthe packet according to the match result includes:

when it is determined that the device information of the first networkdevice matches the match condition information, forwarding, by theprocessing unit, the packet to at least one neighboring device of thefirst network device.

Optionally, the packet further includes action entry information; theaction entry information includes: when the device information of thesecond network device matches the match condition information, aprocessing manner of the first network device for the packet is aprocessing manner of forwarding processing; and correspondingly, whenthe match unit determines that the device information of the firstnetwork device matches the match condition information, the processingunit forwards the packet to at least one neighboring device of the firstnetwork device according to the action entry information.

Optionally, the match condition information includes device roleinformation; correspondingly, the device information of the secondnetwork device includes device role information of the second networkdevice; and that the match unit matches device information of the secondnetwork device with the match condition information includes:

matching, by the first network device, the device role information ofthe second network device with the match condition information.

Optionally, the match condition information includes protocol roleinformation; correspondingly, the device information of the secondnetwork device includes protocol role information of the second networkdevice; and that the match unit matches device information of the secondnetwork device with the match condition information includes:

matching, by the first network device, the protocol role information ofthe second network device with the match condition information.

According to a third aspect, an embodiment of the present inventionprovides a network device, including:

an obtaining unit, configured to obtain match object information andmatch condition information;

a processing unit, configured to generate a packet, where the packetincludes the match object information and the match conditioninformation; and

a sending unit, configured to send the packet to a first network device,so as to instruct the first network device to process the packetaccording to the match object information and the match conditioninformation, where the match object information is used to instruct thefirst network device to determine a to-be-matched second network deviceaccording to the match object information, the second network deviceincludes one or more network devices, the match condition information isused by the first network device to match device information of theto-be-matched second network device with the match conditioninformation.

Optionally, the match object information is an identifier that is agreedon in advance between devices, and the identifier is used to identifythat the to-be-matched second network device is a neighboring device ofthe first network device or the first network device.

Optionally, the match condition information includes device roleinformation and device protocol information, the device role informationis information for identifying a location of a device in a network, andthe device role information is information for identifying a function ofa device in a network.

According to a fourth aspect, an embodiment of the present inventionprovides a network device, including: a memory, a processor, and anetwork interface, where the memory, the processor, and the networkinterface are connected to each other by using a bus, the memory isconfigured to store a group of program instructions, and the processoris configured to invoke the program instruction stored in the memory toperform the following operations:

triggering the network interface to receive a packet, where the packetincludes match object information and match condition information;

determining a to-be-matched second network device according to the matchobject information, where the second network device includes one or morenetwork devices, and matching device information of the second networkdevice with the match condition information; and

performing forwarding processing or discarding processing on the packetaccording to a match result of matching the device information of thesecond network device with the match condition information.

Optionally, the second network device determined by the processor is thefirst network device, and correspondingly, that the processor matchesdevice information of the second network device with the match conditioninformation includes:

matching, by the processor, device information of the first networkdevice with the match condition information.

Optionally, that the processor performs forwarding processing on thepacket according to the match result includes:

when determining that a neighboring device that is of the first networkdevice and that matches the match condition information exists,forwarding, by the processor, the packet to the neighboring device thatis of the first network device and that matches the match conditioninformation.

Optionally, that the processor performs discarding processing on thepacket according to a match result of matching the device information ofthe second network device with the match condition information includes:

when determining that no neighboring device that is of the first networkdevice and that matches the match condition information exists,performing, by the processor, discarding processing on the packet.

Optionally, that the processor performs forwarding processing on thepacket according to the match result includes:

when determining that the device information of the first network devicematches the match condition information, forwarding, by the processor,the packet to at least one neighboring device of the first networkdevice.

Optionally, that the processor performs discarding processing on thepacket according to the match result includes:

when determining that the device information of the first network devicedoes not match the match condition information, performing, by theprocessor, discarding processing on the packet.

According to a fifth aspect, an embodiment of the present inventionprovides a packet processing system, and the system includes a firstnetwork device and a third network device, where

the third network device is configured to: obtain match objectinformation and match condition information; generate a packet thatincludes the match object information and the match conditioninformation; and send the packet to the first network device, where thematch object information is used to instruct the first network device todetermine a network device corresponding to device information to bematched with the match condition information; and

the first network device is configured to: receive the packet; determinea second network device corresponding to the match object information;match device information of the second network device with the matchcondition information; and perform forwarding processing or discardingprocessing on the packet according to action entry information and amatch result of matching the device information of the second networkdevice with the match condition information.

By using technical solutions provided in the embodiments of the presentinvention, after receiving a packet sent by another network device, thefirst network device needs to send the packet only to a specific deviceby using match object information and match condition information thatare included in the packet, and does not need to flood the packet in anentire network. In this way, in an actual network, the match objectinformation and the match condition information can be customizedaccording to a network feature. Therefore, the packet is prevented frombeing flooded in the network without a purpose, so that excessiveoccupation of network bandwidth by packet forwarding can be reduced, andnetwork resources can be saved.

BRIEF DESCRIPTION OF DRAWINGS

To describe the technical solutions in the embodiments of the presentinvention more clearly, the following briefly describes the accompanyingdrawings required for describing the embodiments. Apparently, theaccompanying drawings in the following description show some embodimentsof the present invention, and persons of ordinary skill in the art maystill derive other drawings from these accompanying drawings withoutcreative efforts.

FIG. 1 is a schematic diagram of an application scenario of a packetprocessing method according to an embodiment of the present invention;

FIG. 2 is a schematic flowchart of a packet processing method accordingto an embodiment of the present invention;

FIG. 3 is a schematic flowchart of a packet processing method accordingto an embodiment of the present invention;

FIG. 4 is a schematic structural diagram of a network device accordingto an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of a network device accordingto an embodiment of the present invention;

FIG. 6 is a schematic structural diagram of a network device accordingto an embodiment of the present invention;

FIG. 7 is a schematic structural diagram of a network device accordingto an embodiment of the present invention; and

FIG. 8 is a schematic diagram of a packet processing system according toan embodiment of the present invention.

DESCRIPTION OF EMBODIMENTS

To make the objectives, technical solutions, and advantages of theembodiments of the present invention clearer, the following clearlydescribes the technical solutions in the embodiments of the presentinvention with reference to the accompanying drawings in the embodimentsof the present invention. Apparently, the described embodiments are somebut not all of the embodiments of the present invention. All otherembodiments obtained by persons of ordinary skill in the art based onthe embodiments of the present invention without creative efforts shallfall within the protection scope of the present invention.

FIG. 1 is a schematic diagram of an application scenario of a packetprocessing method according to an embodiment of the present invention.In FIG. 1 , a network device A, a network device C, a network device D,and a network device E are separately neighboring devices of a networkdevice B. After obtaining a network policy, the network device Agenerates intent information according to the network policy. Thenetwork policy may be a network policy of setting a device to enter anenergy saving mode, or a network policy of setting a network device toperform deep detection on a received packet, or the like. The networkpolicy obtained by the network device A may be delivered by a networkmanagement system, or may be directly configured on the network device Aby a user. The network device A generates a packet according to thegenerated intent information, and the packet includes match objectinformation and match condition information. The network device A sendsthe packet to the network device B. The network device B determines,according to the match object information, a network device to bematched with the match condition information. The network device to bematched with the match condition information may be a neighboring deviceof the network device B, or may be the network device B.

After the network device B receives the packet, when learning, by usingthe match object information, that matching needs to be performedbetween device information of the neighboring device of the networkdevice B and the match condition information, the network device Bmatches stored device information of the neighboring device with thematch condition information. After the network device B determines anetwork device that matches the match condition information, the networkdevice B sends the packet to the network device that matches the matchcondition information. After determining that there is no network devicethat matches the match condition information, the network device Bperforms discarding processing on the packet. For example, in FIG. 1 ,if device information of the network device D and device information ofthe network device E match the match condition information, the networkdevice B sends the packet to the network device D and the network deviceE. If device information of the network device C does not match thematch condition information, the network device B does not send thepacket to the network device C. If none of device information of thenetwork device C, the network device D, or the network device E matchesthe match condition information, the network device B performsdiscarding processing on the packet.

After the network device B receives the packet, when learning, by usingthe match object information, that matching needs to be performedbetween device information of the network device B and the matchcondition information, the network device B matches the deviceinformation of the network device B with the match conditioninformation. After the network device B determines that the deviceinformation of the network device B matches the match conditioninformation, the network device B sends the packet to the neighboringdevice of the network device B. In this case, provided that the deviceinformation of the network device B matches the match conditioninformation, it is considered that the neighboring device of the networkdevice B needs to receive the packet. For example, in FIG. 1 , after thenetwork device B receives the packet, when learning, by using the matchobject information, that matching needs to be performed between thedevice information of the network device B and the match conditioninformation, the network device B matches the device information of thenetwork device B with the match condition information. If the networkdevice B determines that the device information of the network device Bmatches the match condition information, the network device B sends thepacket to the neighbor of the network device B. That the network deviceB sends the packet to the neighboring device of the network device B maybe sending the packet to all neighboring devices of the network device Bor sending the packet to some neighboring devices of the network deviceB. No limitation is specifically imposed in this embodiment of thepresent invention. If the network device B determines that the deviceinformation of the network device B does not match the match conditioninformation, the network device B performs discarding processing on thepacket.

In a specific implementation, after receiving the packet, the networkdevice B may execute a corresponding network policy according to theintent information included in the packet. The network policy executedby the network device B may be setting the network device B to enter anenergy saving mode, or setting the network device B to perform deepdetection on the received packet, or the like. That the network device Bexecutes a corresponding network policy according to the intentinformation included in the packet may be performed before the networkdevice B determines the network device to be matched with the matchcondition information, or may be performed after the network device Bdetermines the network device to be matched with the match conditioninformation.

In a specific implementation, the match object information may be anidentifier that is agreed on in advance between devices or that iscentrally configured by a network system. After receiving the packet,the network device B may learn, according to the identifier, whethermatching needs to be performed between the device information of theneighboring device of the network device B and the match conditioninformation, or matching needs to be performed between the deviceinformation of the network device B and the match condition information.For example, it is agreed between the network device A and the networkdevice B that when a value of the identifier is 1, it indicates that thenetwork device B needs to match the device information of theneighboring device of the network device B with the match condition; orwhen a value of the identifier is 0, it indicates that the networkdevice B needs to match the device information of the network device Bwith the match condition.

In a specific implementation, the match condition information mayinclude device role information or protocol role information. Forexample, in an IP-based radio access network (IP RAN), a device role maybe a cell site gateway (CSG), an aggregation site gateway (AggregationSite Gateway, ASG), a radio service gateway (RSG), or the like, and aprotocol role may be a Generic Discovery and Negotiation Protocol (GDNP)counterpart (Counterpart), a Multiprotocol Label Switching (MPLS) labelswitching router (LSR), or the like. For example, in a network shown inFIG. 1 , the network device E is a CSG in the IP RAN network, and thenetwork device D is an ASG The network device B receives the packet sentby the network device A. The match condition information included in thepacket is a device role CSC, and the match object information includedin the packet indicates that matching needs to be performed between thematch condition information and the device information of theneighboring device of the network device that receives the packet. Whenthe network device B determines that matching needs to be performedbetween the device information of the neighboring device of the networkdevice B and the match condition information, the network device Bseparately matches the match condition information with device roleinformation of the network device E, the network device D, and thenetwork device C. Because only the device role information of thenetwork device E is the CSC, the network device B sends the packet onlyto the network device E.

By using the foregoing implementations, the network device B determinesa to-be-matched network device according to the match object informationincluded in the received packet, and then matches device information ofthe to-be-matched network device with the match condition information inthe packet, so as to perform forwarding processing or discardingprocessing on the packet according to a match result. The network deviceB needs to send the packet only to a specific device, and does not needto flood the packet in a network. Therefore, the packet is preventedfrom being flooded in the network without a purpose, so that excessiveoccupation of network bandwidth can be reduced, and network resourcescan be saved.

Referring to FIG. 2 , FIG. 2 is a schematic flowchart of a packetprocessing method according to an embodiment of the present invention.The method includes the following steps.

201. A first network device receives a packet, where the packet includesmatch object information and match condition information.

In a specific implementation, the match object information is used bythe first network device to determine a to-be-matched second networkdevice according to the match object information. The match conditioninformation is used by the first network device to match deviceinformation of the to-be-matched second network device with the matchcondition information. The match condition information may includedevice information such as device role information, device protocolinformation, or device performance information.

202. The first network device determines a to-be-matched second networkdevice according to the match object information, where the secondnetwork device includes one or more network devices.

In a specific implementation, the first network device may determine theto-be-matched second network device according to identifier informationin the packet. The identifier information may be an identifier that isagreed on in advance between devices. For example, when a value of theidentifier is 1, it indicates that matching needs to be performedbetween device information of a neighboring device of a network device Band the match condition; or when a value of the identifier is 0, itindicates that matching needs to be performed between device informationof a network device B and the match condition.

203. The first network device matches device information of the secondnetwork device with the match condition information.

204. The first network device performs forwarding processing ordiscarding processing on the packet according to a match result ofmatching the device information of the second network device with thematch condition information.

Further description is given in the following by using the networkdevices in FIG. 1 as an example. The first network device may be thenetwork device B in the network shown in FIG. 1 , and the packet may bethe packet sent by the network device A to the network device B.

In this embodiment of the present invention, after receiving the packet,the first network device determines, according to the match objectinformation, a network device to be matched with the match conditioninformation, so as to determine a sending range of forwarding thepacket. When the first network device determines, according to the matchobject information, that matching needs to be performed between deviceinformation of a neighboring device of the first network device and thematch condition, the first network device matches stored deviceinformation of the neighboring device of the first network device withthe match condition. Correspondingly, the second network device is aneighboring device of the first network device, and the matching, by thefirst network device, device information of the second network devicewith the match condition information includes:

matching, by the first network device, device information of theneighboring device of the first network device with the match conditioninformation. Correspondingly, the performing, by the first networkdevice, forwarding processing on the packet according to the matchresult includes:

when the first network device determines that device informationmatching the match condition information exists in the deviceinformation of the neighboring device of the first network device,forwarding, by the first network device, the packet to a neighboringdevice corresponding to the device information matching the matchcondition information, where the neighboring device of the first networkdevice is a network device that establishes a communication connectionto the first network device, and the neighboring device corresponding tothe device information matching the match condition may be one or moreneighboring devices; or when the first network device determines that nodevice information matching the match condition information exists indevice information of all neighboring devices of the first networkdevice, performing, by the first network device, discarding processingon the packet.

In a specific implementation, the device information of the neighboringdevice stored in the first network device may be obtained in advance byusing a GDNP, or may be obtained from a network management device. Thematch object information includes identifier information. The identifierinformation is used to identify that the to-be-matched second networkdevice is the first network device or a neighboring device of the firstnetwork device. The identifier information may be an identifier that isagreed on in advance between devices. For example, when a value of theidentifier information is 1, it indicates that the first network deviceneeds to match the device information of the neighboring device of thefirst network device with the match condition; or when a value of theidentifier is 0, it indicates that the first network device needs tomatch device information of the first network device with the matchcondition. The device role information may be information foridentifying a location of a device in a network, for example, a provideredge (PE) device or a customer edge (CE) device in a carrier network.The device role information may be information for identifying afunction of a device in a network. For example, in an IP RAN network, adevice role may be a CSG, an ASG, or an RSG.

In a specific implementation, when the first network device determines,according to the match object information, that matching needs to beperformed between device information of the first network device and thematch condition, the first network device matches the device informationof the first network device with the match condition. In this case, thesecond network device is the first network device, and the matching, bythe first network device, device information of the second networkdevice with the match condition information includes:

matching, by the first network device, device information of the firstnetwork device with the match condition information. Correspondingly,the performing, by the first network device, forwarding processing onthe packet according to the match result includes:

when the first network device determines that the device information ofthe first network device matches the match condition information,forwarding, by the first network device, the packet to a neighboringdevice of the first network device, where in a specific implementation,the packet may be forwarded to all neighboring devices, or may beforwarded to some neighboring devices or a signal neighboring device,and no limitation is specifically imposed in the present invention; orwhen the first network device determines that the device information ofthe first network device does not match the match condition information,performing, by the first network device, discarding processing on thepacket.

In a specific implementation, the first network device configures inadvance a processing manner that is of the first network device for thepacket and that exists when matching succeeds, or a processing mannerthat is for the packet and that exists when matching succeeds is agreedon in advance between network devices. The processing manner may beperforming forwarding processing on the packet when matching succeeds.

In a specific implementation, when the second network device is aneighboring device of the first network device, the packet may furtherinclude action entry information. The action entry information includesa processing manner that is of the first network device for the packetand that exists when device information matching the match conditioninformation exists in the device information of the second networkdevice. The processing manner may be a processing manner of performingforwarding processing on the packet. Correspondingly, the performing, bythe first network device, forwarding processing on the packet accordingto a match result of matching the device information of the secondnetwork device with the match condition information includes:

when determining that a neighboring device that is of the first networkdevice and that matches the match condition information exists,forwarding, by the first network device according to the action entryinformation, the packet to the neighboring device that is of the firstnetwork device and that matches the match condition information.

Alternatively, the action entry information may include: when no secondnetwork device that can match the match condition information exists, aprocessing manner of the first network device for the packet is aprocessing manner of discarding processing. Correspondingly, theperforming, by the first network device, discarding processing on thepacket according to a match result of matching the device information ofthe second network device with the match condition information includes:

when determining that no neighboring device that is of the first networkdevice and that matches the match condition information exists,performing, by the first network device, discarding processing on thepacket according to the action entry information.

In a specific implementation, when the second network device is thefirst network device, the packet further includes action entryinformation. The action entry information includes: when the deviceinformation of the second network device matches the match conditioninformation, a processing manner of the first network device for thepacket is a processing manner of forwarding processing. Correspondingly,the performing, by the first network device, forwarding processing onthe packet according to a match result of matching the deviceinformation of the second network device with the match conditioninformation includes:

when determining that the device information of the first network devicematches the match condition information, forwarding, by the firstnetwork device, the packet to at least one neighboring device of thefirst network device according to the action entry information.

Alternatively, the action entry information may include: when the deviceinformation of the second network device does not match the matchcondition information, a processing manner of the first network devicefor the packet is a processing manner of discarding processing.Correspondingly, the performing, by the first network device, discardingprocessing on the packet according to a match result of matching thedevice information of the second network device with the match conditioninformation includes:

when determining that the device information of the first network devicedoes not match the match condition information, performing, by the firstnetwork device, discarding processing on the packet according to theaction entry information.

In a specific implementation, the packet further includes intentinformation, the intent information includes network policy information,and the method further includes:

executing, by the first network device according to the intentinformation, a network policy corresponding to the network policyinformation. The network policy executed by the first network device maybe setting the first network device to enter an energy saving mode, orsetting the first network device to perform deep detection on thereceived packet, or the like. That the first network device executes acorresponding network policy according to the intent informationincluded in the packet may be performed before the first network devicedetermines the network device to be matched with the match conditioninformation, or may be performed after the first network devicedetermines the network device to be matched with the match conditioninformation.

In a specific implementation, the match condition information includesdevice role information. After determining that the match conditioninformation is the device role information, the first network devicematches device role information of the second network device with thematch condition. Correspondingly, the device information of the secondnetwork device includes the device role information of the secondnetwork device, and the matching, by the first network device, deviceinformation of the second network device with the match conditioninformation includes:

matching, by the first network device, the device role information ofthe second network device with the match condition information.

In a specific implementation, the match condition information includesprotocol role information. After determining that the match conditioninformation is the protocol role information, the first network devicematches protocol role information of the second network device with thematch condition. Correspondingly, the device information of the secondnetwork device includes the protocol role information of the secondnetwork device, and the matching, by the first network device, deviceinformation of the second network device with the match conditioninformation includes:

matching, by the first network device, the protocol role information ofthe second network device with the match condition information.

The protocol role information may be information for identifying aprotocol function of a device in a network, for example, an LSR in anMPLS network or a label edge router (Label Edge Router, LER) in an MPLSnetwork.

In a specific implementation, the match condition information may beperformance information of a network device, for example, informationabout a forwarding capability or a capacity capability of a networkdevice.

In a specific implementation, the match condition information mayinclude at least two types of device information, for example, mayinclude both protocol role information and device role information. Inthis case, only when the device information of the second network devicematches the at least two types of device information in the matchcondition information or matches several specified types of specificdevice information, it is considered that matching succeeds.Alternatively, in another embodiment, the packet further includes anindication flag. The indication flag is used to instruct the firstnetwork device to select device information between which and the deviceinformation of the second network device matching is to be performed.The selected device information is one or more of protocol roleinformation, device role information, or device performance information.The indication flag may be agreed on in advance between devices. Forexample, when a value of the indication flag is 1, it indicates that thefirst network device needs to match protocol role information in thematch condition with protocol role information of the second networkdevice; or when a value of the indication flag is 0, it indicates thatthe first network device needs to match device role information in thematch condition with device role information of the second networkdevice.

In a specific implementation, the packet may further include multiplegroups of match information. Each group of match information includesmatch object information and match condition information. For example,the packet includes a first group of match information and a secondgroup of match information. The first group of match informationincludes first match object information and first match conditioninformation. The second group of match information includes second matchobject information and second match condition information.Correspondingly, the packet further includes a match indication flag.The match indication flag is used to instruct the first network deviceto use the first group of match information or the second group of matchinformation. The match indication flag may be used to instruct the firstnetwork device to use the first group of match information or the secondgroup of match information. Alternatively, the match indicationinformation is used to instruct to: when match condition information inat least two groups of match information is matched, select a processingmanner corresponding to the matched match condition information toprocess the packet.

By using the foregoing implementations, the first network devicedetermines a to-be-matched network device by using the match objectinformation included in the packet, and then matches device informationof the to-be-matched network device with the match condition informationin the packet, so as to perform forwarding processing or discardingprocessing on the packet according to a match result. The first networkdevice needs to send the packet only to a specific device, and does notneed to flood the packet in a network. Therefore, the packet isprevented from being flooded in the network without a purpose, so thatexcessive occupation of network bandwidth can be reduced, and networkresources can be saved.

Referring to FIG. 3 , FIG. 3 is a schematic flowchart of a packetprocessing method according to an embodiment of the present invention.The method includes the following steps.

301. A third network device obtains match object information and matchcondition information.

302. The third network device generates a packet, where the packetincludes the match object information and the match conditioninformation.

303. The third network device sends the packet to a first networkdevice, so as to instruct the first network device to process the packetaccording to the match object information and the match conditioninformation.

In a specific implementation, the match object information is used bythe first network device to determine a to-be-matched second networkdevice according to the match object information. The match conditioninformation is used by the first network device to match deviceinformation of the to-be-matched second network device with the matchcondition information. The match condition information may includedevice information such as device role information, device protocolinformation, or device performance information.

In a specific implementation, the third network device may determinecorresponding match object information and match condition informationaccording to a specific to-be-sent packet. For example, some packetsneed to be sent to a type of device, and some packets do not need to besent to a type of network device. In this case, the third network devicedetermines specific match object information and match conditioninformation according to a packet.

In a specific implementation, the third network device may set the matchobject information and the match condition information according to anetwork feature. For example, in an MPLS network, if the third networkdevice is an LSR, and the third network device wants to flood an MPLSpacket to an LSR in the MPLS network by using the first network device,when a value of identifier information included in match objectinformation included in the MPLS packet may be 1, it indicates that thefirst network device needs to match device information of a neighboringdevice of the first network device with the match condition. The matchcondition information is a protocol role LSR. In this way, afterreceiving the MPLS packet, the first network device matches the deviceinformation of the neighboring device of the first network device withthe match condition, and sends the MPLS packet to a matched neighboringdevice. In this way, when the neighboring device of the first networkdevice is an LSR, the neighboring device of the first network device canreceive the MPLS packet. Further, an LSR that receives the MPLS packetcontinues to perform an action performed by the first network device, sothat the MPLS packet can be flooded in the MPLS network with a purpose.Therefore, a prior-art technical problem that network bandwidth isexcessively occupied because a packet is flooded in a network without apurpose is avoided.

In a specific implementation, the first network device may be thenetwork device B in FIG. 1 , and the third network device may be thenetwork device A in FIG. 1 . Alternatively, the first network device maybe the first network device in the embodiment shown in FIG. 2 , and thethird network device may be a network device sending a packet to thefirst network device in the embodiment shown in FIG. 2 .

For specific content of the match object information and the matchcondition information, refer to any one of the foregoing embodiments.Details are not described herein again.

In a specific implementation, the packet may further include actionentry information. The action entry information includes a processingmanner of the first network device for the packet. The processing mannermay be a processing manner of forwarding processing or discardingprocessing.

In a specific implementation, the packet may further include intentinformation. The intent information includes network policy information.The first network device is further configured to execute acorresponding network policy according to the network policyinformation. In a specific implementation, the network policyinformation included in the intent information may be a network deviceenergy saving policy. That the first network device executes acorresponding network policy according to the intent information issetting the first network device to enter an energy saving mode. Thatthe first network device enters the energy saving mode may specificallyinclude: the first network device disables an idle port, reduces a CPUfrequency, or the like.

In this embodiment of the present invention, the third network devicegenerates the packet that includes the match object information and thematch condition information, and sends the packet to the first networkdevice, so that the first network device can send the packet to aspecific device according to the match object information and the matchcondition information, and does not need to send the packet to alldevices in a network. Therefore, the packet is prevented from beingflooded in the network without a purpose, so that excessive occupationof network bandwidth can be reduced, and network resources can be saved.

Referring to FIG. 4 , an embodiment of the present invention provides anetwork device 400. The network device 400 may be the network device Bin FIG. 1 , or may be the first network device in the embodiment shownin FIG. 2 , or may be the first network device in the embodiment shownin FIG. 3 . It may be understood that the network device 400 may includephysical hardware necessary for performing the following processing, forexample, a storage device and a processing device such as a generalpurpose central processing unit (CPU), a microprocessor, anapplication-specific integrated circuit (ASIC), or one or moreintegrated circuits. The network device 400 includes:

a receiving unit 401, configured to receive a packet, where the packetincludes match object information and match condition information;

a determining unit 402, configured to determine a to-be-matched secondnetwork device according to the match object information, where thesecond network device includes one or more network devices;

a match unit 403, configured to match device information of the secondnetwork device determined by the determining unit 402 with the matchcondition information; and

a processing unit 404, configured to perform forwarding processing ordiscarding processing on the packet according to a match result ofmatching the device information of the second network device with thematch condition information.

In a specific implementation, the match object information is used bythe network device 400 to determine a to-be-matched second networkdevice according to the match object information. The match objectinformation includes identifier information. The identifier informationis used to identify that the to-be-matched second network device is thenetwork device 400 or a neighboring device of the network device 400.The match condition information is used by the network device 400 tomatch the device information of the to-be-matched second network devicewith the match condition information. The match condition informationmay include device information such as device role information, deviceprotocol information, or device performance information.

In a specific implementation, the determining unit 402 determines,according to the identifier information, that the to-be-matched secondnetwork device is the network device 400 or a neighboring device of thenetwork device 400.

In a specific implementation, when the determining unit 402 determines,according to the match object information, that the to-be-matched secondnetwork device is a neighboring device of the network device 400, thenetwork device 400 matches obtained device information of theneighboring device with the match condition. In this case, the secondnetwork device is a neighboring device of the network device 400. Thenetwork device 400 may obtain the device information of the neighboringdevice in advance by using a GDNP, and stores the device information ofthe neighboring device. Alternatively, the network device 400 may obtainthe device information of the neighboring device in another manner, forexample, periodically queries a network management device.Correspondingly, that the match unit 403 matches device information ofthe second network device with the match condition information mayspecifically include:

matching, by the match unit 403, device information of the neighboringdevice of the network device 400 with the match condition information.

Correspondingly, that the processing unit 404 performs forwardingprocessing on the packet according to the match result from the matchunit 403 may specifically include:

when it is determined that device information matching the matchcondition information exists in the device information of theneighboring device of the network device 400, forwarding, by theprocessing unit 404, the packet to a neighboring device corresponding tothe device information matching the match condition information, wherethe neighboring device corresponding to the device information matchingthe match condition may be one or more neighboring devices; or when thematch unit 403 determines that no device information matching the matchcondition information exists in the device information of theneighboring device of the network device 400, performing, by theprocessing unit 404, discarding processing on the packet.

In a specific implementation, the network device 400 configures inadvance a processing manner that is of the processing unit 404 for thepacket and that exists when matching performed by the match unit 403succeeds. The processing manner may be performing forwarding processingon the packet when matching performed by the match unit 403 succeeds.

In a specific implementation, the packet may further include actionentry information. The action entry information includes a processingmanner that is of the network device 400 for the packet and that existswhen device information matching the match condition information existsin the device information of the second network device. The processingmanner may be a processing manner of forwarding processing.Correspondingly, that the processing unit 404 performs forwardingprocessing on the packet according to the match result from the matchunit 403 includes:

when the match unit 403 determines that a neighboring device that is ofthe first network device 400 and that matches the match conditioninformation exists, forwarding, by the processing unit 404 according tothe action entry information, the packet to the neighboring device thatis of the first network device 400 and that matches the match conditioninformation.

Alternatively, the action entry information includes a processing mannerin which the network device 400 performs discarding processing on thepacket when the device information of the second network device does notmatch the match condition information. Correspondingly, that theprocessing unit 404 performs discarding processing on the packetaccording to a match result of matching the device information of thesecond network device with the match condition information includes:

when the match unit 403 determines that no neighboring device that is ofthe first network device 400 and that matches the match conditioninformation exists, performing, by the processing unit 404, discardingprocessing on the packet.

In a specific implementation, when the determining unit 402 determines,according to the match object information, that the to-be-matched secondnetwork device is the network device 400, the match unit 404 matchesdevice information of the network device 400 with the match condition.In this case, the second network device is the network device 400.

Correspondingly, that the match unit 403 matches device information ofthe second network device with the match condition information mayspecifically include:

matching, by the match unit 403, device information of the networkdevice 400 with the match condition information.

Correspondingly, that the processing unit 404 performs forwardingprocessing on the packet according to the match result includes:

when it is determined that the device information of the network device400 matches the match condition information, forwarding, by theprocessing unit 404, the packet to a neighboring device of the networkdevice 400, where

in a specific implementation, when the match unit 403 determines thatthe device information of the second network device matches the matchcondition information, the network device 400 may forward the packet tothe neighboring device of the network device 400 according to actionentry information; or

when the match unit 403 determines that the device information of thefirst network device 400 does not match the match condition information,performing, by the processing unit 404, discarding processing on thepacket.

The packet further includes action entry information. The action entryinformation includes: when the device information of the second networkdevice matches the match condition information, a processing manner ofthe first network device 400 for the packet is a processing manner offorwarding processing. Correspondingly, that the processing unit 404performs forwarding processing on the packet according to the matchresult from the match unit 403 includes:

when the match unit 403 determines that the device information of thefirst network device 400 matches the match condition information,forwarding, by the processing unit 404, the packet to at least oneneighboring device of the first network device 400 according to theaction entry information.

Alternatively, the action entry information includes: when the deviceinformation of the second network device does not match the matchcondition information, a processing manner of the first network device400 for the packet is a processing manner of discarding processing.Correspondingly, that the processing unit 404 performs discardingprocessing on the packet according to the match result from the matchunit 403 includes:

when the match unit 403 determines that the device information of thefirst network device 400 does not match the match condition information,performing, by the processing unit 404, discarding processing on thepacket according to the action entry information.

In a specific implementation, the packet further includes intentinformation. The intent information includes network policy information.The processing unit 404 is further configured to execute a correspondingnetwork policy according to the intent information. The network policyinformation included in the intent information may be a network deviceenergy saving policy. That the processing unit 404 executes acorresponding network policy according to the intent information issetting the network device 400 to enter an energy saving mode. That thenetwork device 400 enters the energy saving mode may specificallyinclude: the network device 400 disables an idle port, reduces a CPUfrequency, or the like. The processing unit 404 may execute thecorresponding network policy according to the intent information afterthe receiving unit 401 receives the packet or before the match unit 403performs a match action. Alternatively, the processing unit 404 mayexecute the corresponding network policy according to the intentinformation after processing the packet according to the match resultfrom the match unit 403.

In a specific implementation, the match condition information may bedevice role information. Correspondingly, the device information of thesecond network device includes device role information of the secondnetwork device, and that the match unit 403 matches device informationof the second network device with the match condition informationspecifically includes:

matching, by the match unit 403, the device role information of thesecond network device with the match condition information.

The device role information may be information for identifying alocation of a device in a network, for example, a PE device or a CEdevice in a carrier network. For example, when a device role of thesecond network device is a PE device in the carrier network, and thedevice role information included in the match condition information isalso a PE device in the carrier network, the match unit 403 maydetermine that the second network device is a network device meeting thematch condition information.

The device role information may be information for identifying afunction of a device in a network. For example, in an IP RAN network, adevice role may be a CSG; an ASG or an RSG For example, when the devicerole information of the second network device is a CSG device in the IPRAN network, and the device role information included in the matchcondition information is represented as a CSG device in the IP RANnetwork, the match unit 403 may determine that the second network deviceis a network device meeting the match condition information.

In another specific implementation, the match condition information maybe protocol role information. Correspondingly, the device information ofthe second network device includes protocol role information of thesecond network device, and that the match unit 403 matches deviceinformation of the second network device with the match conditioninformation includes:

matching, by the match unit 403, the protocol role information of thesecond network device with the match condition information.

The protocol role information may be information for identifying aprotocol function of a device in a specific protocol network, forexample, an LSR in an MPLS network or an LER in an MPLS network. Forexample, when a device protocol role of the second network device is anLSR, and the protocol role information included in the match conditioninformation is also the LSR, the match unit 403 may determine that thesecond network device is a network device meeting the match conditioninformation.

In a specific implementation, for specific content of the match objectinformation and the match condition information, refer to any one of theforegoing embodiments. Details are not described herein again.

It may be understood that the determining unit 402, the match unit 403,and the processing unit 404 may be implemented by using hardware,firmware, software, or a combination thereof. In an actual application,a specific implementation is determined according to a product designrequirement or manufacturing costs. The present invention should not belimited to a specific implementation.

The network device 400 provided in this embodiment of the presentinvention determines a to-be-matched network device by using the matchobject information included in the packet, and then matches deviceinformation of the to-be-matched network device with the match conditioninformation in the packet, so as to forward or discard the packetaccording to a match result. The network device 400 needs to send thepacket only to a specific device, and does not need to flood the packetin a network. Therefore, the packet is prevented from being flooded inthe network without a purpose, so that excessive occupation of networkbandwidth can be reduced, and network resources can be saved.

Referring to FIG. 5 , an embodiment of the present invention provides anetwork device 500. The network device 500 may be the network device Ain FIG. 1 , or may be a network device sending a packet to the firstnetwork device in the embodiment shown in FIG. 2 , or may be the thirdnetwork device in the embodiment shown in FIG. 3 . The network device500 includes:

an obtaining unit 501, configured to obtain match object information andmatch condition information;

a processing unit 502, configured to generate a packet, where the packetincludes the match object information and the match conditioninformation; and

a sending unit 503, configured to send the packet to a first networkdevice, so as to instruct the first network device to process the packetaccording to the match object information and the match conditioninformation, where the match object information is used to instruct thefirst network device to determine a to-be-matched second network deviceaccording to the match object information, and the second network deviceincludes one or more network devices.

The match condition information is used by the first network device tomatch device information of the to-be-matched second network device withthe match condition information. The match condition information mayinclude device information such as device role information, deviceprotocol information, or device performance information.

In a specific implementation, the network device 500 may determinecorresponding match object information and match condition informationaccording to a specific to-be-sent packet. For example, some packetsneed to be sent to a type of device, and some packets do not need to besent to a type of network device. In this case, the network device 500determines specific match object information and match conditioninformation according to a packet.

In a specific implementation, the network device 500 may set the matchobject information and the match condition information according to anetwork feature. For example, in an MPLS network, if the network device500 is an LSR, and the network device 500 wants to flood an MPLS packetto an LSR in the MPLS network by using the first network device, when avalue of identifier information included in match object informationincluded in the MPLS packet may be 1, it indicates that the firstnetwork device needs to match device information of a neighboring deviceof the first network device with the match condition. The matchcondition information is a protocol role LSR. In this way, afterreceiving the MPLS packet, the first network device matches the deviceinformation of the neighboring device of the first network device withthe match condition, and sends the MPLS packet to a matched neighboringdevice. In this way, when the neighboring device of the first networkdevice is an LSR, the neighboring device of the first network device canreceive the MPLS packet. Further, an LSR that receives the MPLS packetcontinues to perform an action performed by the first network device, sothat the MPLS packet can be flooded in the MPLS network with a purpose.Therefore, a prior-art technical problem that network bandwidth isexcessively occupied because a packet is flooded in a network without apurpose is avoided.

In a specific embodiment, for specific content of the match objectinformation and the match condition information, refer to any one of theforegoing embodiments. Details are not described herein again.

In a specific implementation, the packet may further include actionentry information. The action entry information includes a processingmanner of the first network device for the packet. The processing mannermay be a processing manner of forwarding processing or discardingprocessing.

In a specific implementation, the packet may further include intentinformation. The intent information includes network policy information.The first network device is further configured to execute acorresponding network policy according to the intent information. In aspecific implementation, the network policy information included in theintent information may be a network device energy saving policy. Thatthe first network device executes a corresponding network policyaccording to the intent information is setting the first network deviceto enter an energy saving mode. That the first network device enters theenergy saving mode may specifically include: the first network devicedisables an idle port, reduces a CPU frequency, or the like.

In this embodiment of the present invention, the network device 500generates the packet that includes the match object information and thematch condition information, and sends the packet to the first networkdevice, so that the first network device can send the packet to aspecific device according to the match object information and the matchcondition information, and does not need to send the packet to alldevices in a network. Therefore, the packet is prevented from beingflooded in the network without a purpose, so that excessive occupationof network bandwidth can be reduced, and network resources can be saved.

Referring to FIG. 6 , an embodiment of the present invention provides anetwork device 600. The network device 600 may be the network device Bin FIG. 1 , or may be the first network device in the embodiment shownin FIG. 2 , or may be the first network device in the embodiment shownin FIG. 3 . The network device 600 includes a memory 601, a processor602, and a network interface 603. The memory 601, the processor 602, andthe network interface 603 are connected to each other by using a bus604. The memory 601 is configured to store a group of programinstructions, and the processor 602 is configured to invoke the programinstruction stored in the memory 601 to perform the followingoperations:

triggering the network interface 603 to receive a packet, where thepacket includes match object information and match conditioninformation;

determining a to-be-matched second network device according to the matchobject information, where the second network device includes one or morenetwork devices, and matching device information of the second networkdevice with the match condition information; and

performing forwarding processing or discarding processing on the packetaccording to a match result of matching the device information of thesecond network device with the match condition information.

In a specific embodiment, for specific content of the match objectinformation and the match condition information, refer to any one of theforegoing embodiments. Details are not described herein again.

In a specific embodiment, when the processor 602 determines, accordingto the match object information, that the to-be-matched second networkdevice is a neighboring device of the network device 600, the networkdevice 600 matches obtained device information of the neighboring devicewith the match condition. Correspondingly, the second network device isa neighboring device of the network device 600, and that the processor602 matches device information of the second network device with thematch condition information includes:

matching, by the processor 602, device information of the neighboringdevice of the network device 600 with the match condition information.Correspondingly, that the processor 602 performs forwarding processingon the packet according to the match result includes:

when determining that device information matching the match conditioninformation exists in the device information of the neighboring deviceof the network device 600, forwarding, by the processor 602, the packetto a neighboring device corresponding to the device information matchingthe match condition information, where the neighboring devicecorresponding to the device information matching the match condition maybe one or more neighboring devices; or when the processor 602 determinesthat no device information matching the match condition informationexists in the device information of the neighboring device of thenetwork device 600, performing, by the processor 602, discardingprocessing on the packet.

The packet may further include action entry information. The actionentry information includes a processing manner that is of the networkdevice 600 for the packet and that exists when device informationmatching the match condition information exists in the deviceinformation of the second network device. The processing manner may be aprocessing manner of forwarding processing. Correspondingly, that theprocessor 602 performs forwarding processing on the packet according toa match result of matching the device information of the second networkdevice with the match condition information includes:

when determining that a neighboring device that is of the first networkdevice 600 and that matches the match condition information exists,forwarding, by the processor 602 according to the action entryinformation, the packet to the neighboring device that is of the networkdevice 600 and that matches the match condition information.

Alternatively, the action entry information includes a processing mannerin which the network device 600 performs discarding processing on thepacket when the device information of the second network device does notmatch the match condition information. Correspondingly, that theprocessor 602 performs discarding processing on the packet according toa match result of matching the device information of the second networkdevice with the match condition information includes:

when determining that no neighboring device that is of the networkdevice 600 and that matches the match condition information, performing,by the processor 602, discarding processing on the packet.

In a specific implementation, when the processor 602 determines,according to the match object information, that the to-be-matched secondnetwork device is the network device 600, the network device 600 matchesdevice information of the network device 600 with the match condition.Correspondingly, the second network device is the network device 600,and that the processor 602 matches device information of the secondnetwork device with the match condition information includes:

matching, by the processor 602, device information of the network device600 with the match condition information. Correspondingly, that theprocessor 602 performs forwarding processing on the packet according tothe match result includes:

when the processor 602 determines that the device information of thenetwork device 600 matches the match condition information, sending, bythe network interface 603, the packet to all neighboring devices of thenetwork device 600; or when the processor 602 determines that the deviceinformation of the network device 600 does not match the match conditioninformation, performing, by the processor 602, discarding processing onthe packet.

The packet further includes action entry information. The action entryinformation includes: when the device information of the second networkdevice matches the match condition information, a processing manner ofthe network device 600 for the packet is a processing manner offorwarding processing. Correspondingly, that the processor 602 performsforwarding processing on the packet according to a match result ofmatching the device information of the second network device with thematch condition information includes:

when determining that the device information of the network device 600matches the match condition information, forwarding, by the processor602, the packet to at least one neighboring device of the network device600 according to the action entry information.

Alternatively, the action entry information includes: when the deviceinformation of the second network device does not match the matchcondition information, a processing manner of the network device 600 forthe packet is a processing manner of discarding processing.Correspondingly, that the processor 602 performs discarding processingon the packet according to a match result of matching the deviceinformation of the second network device with the match conditioninformation includes:

when determining that the device information of the network device 600does not match the match condition information, performing, by theprocessor 602, discarding processing on the packet according to theaction entry information.

In a specific implementation, the packet further includes intentinformation. The intent information includes network policy information.The processor 602 is further configured to execute a correspondingnetwork policy according to the intent information. The network policyinformation included in the intent information may be a network deviceenergy saving policy. That the processor 602 executes a correspondingnetwork policy according to the intent information is setting thenetwork device 600 to enter an energy saving mode.

The match condition information may include device role information.Correspondingly, the device information of the second network deviceincludes device role information of the second network device, and thatthe processor 602 matches device information of the second networkdevice with the match condition information includes:

matching, by the processor 602, the device role information of thesecond network device with the match condition information.

In another specific implementation, the match condition information maybe protocol role information. Correspondingly, the device information ofthe second network device includes protocol role information of thesecond network device, and that the processor 602 matches deviceinformation of the second network device with the match conditioninformation includes:

matching, by the processor 602, the protocol role information of thesecond network device with the match condition information.

For specific content of the device role information and the protocolrole information, refer to any one of the foregoing embodiments. Detailsare not described herein again.

The network device 600 provided in this embodiment of the presentinvention determines a to-be-matched network device by using the matchobject information included in the packet, and then matches deviceinformation of the to-be-matched network device with the match conditioninformation in the packet, so as to perform forwarding processing ordiscarding processing on the packet according to a match result. Thenetwork device 600 needs to send the packet only to a specific device,and does not need to flood the packet in a network. Therefore, thepacket is prevented from being flooded in the network without a purpose,so that excessive occupation of network bandwidth can be reduced, andnetwork resources can be saved.

Referring to FIG. 7 , an embodiment of the present invention provides anetwork device 700. The network device 700 may be the network device Ain FIG. 1 , or may be a network device sending a packet to the firstnetwork device in the embodiment shown in FIG. 2 , or may be the thirdnetwork device in the embodiment shown in FIG. 3 . The network device700 includes a memory 701, a processor 702, and a network interface 703.The memory 701, the processor 702, and the network interface 703 areconnected to each other by using a bus 704. The memory 701 is configuredto store a group of program instructions, and the processor 702 isconfigured to invoke the program instruction stored in the memory 701 toperform the following operations:

obtaining match object information and match condition information;

generating a packet, where the packet includes the match objectinformation and the match condition information; and

sending the packet to a first network device, so as to instruct thefirst network device to process the packet according to the match objectinformation and the match condition information, where the match objectinformation is used to instruct the first network device to determine ato-be-matched second network device according to the match objectinformation, and the second network device includes one or more networkdevices.

The match object information is used by the first network device todetermine a to-be-matched second network device according to the matchobject information. The match condition information is used by the firstnetwork device to match device information of the to-be-matched secondnetwork device with the match condition information. The match conditioninformation includes device role information or device protocolinformation.

In a specific embodiment, for specific content of the match objectinformation and the match condition information, refer to any one of theforegoing embodiments. Details are not described herein again.

In a specific implementation, the packet may further include intentinformation. The intent information includes network policy information.The first network device is further configured to execute acorresponding network policy according to the intent information. In aspecific implementation, the network policy information included in theintent information may be a network device energy saving policy. Thatthe first network device executes a corresponding network policyaccording to the intent information is setting the first network deviceto enter an energy saving mode. That the first network device enters theenergy saving mode may specifically include: the first network devicedisables an idle port, reduces a CPU frequency, or the like.

In this embodiment of the present invention, the network device 700generates the packet that includes the match object information and thematch condition information, and sends the packet to the first networkdevice, so that the first network device can send the packet to aspecific device according to the match object information and the matchcondition information, and does not need to send the packet to alldevices in a network. Therefore, the packet is prevented from beingflooded in the network without a purpose, so that excessive occupationof network bandwidth can be reduced, and network resources can be saved.

Referring to FIG. 8 , an embodiment of the present invention provides apacket processing system 800. The packet processing system includes afirst network device 801 and a third network device 802.

The third network device 802 is configured to: obtain match objectinformation and match condition information; generate a packet thatincludes the match object information and the match conditioninformation; and send the packet to the first network device 801, wherethe match object information is used to instruct the first networkdevice 801 to determine a network device corresponding to deviceinformation to be matched with the match condition information.

The first network device 801 is configured to: receive the packet;determine a second network device corresponding to the match objectinformation; match device information of the second network device withthe match condition information; and perform forwarding processing ordiscarding processing on the packet according to action entryinformation and a match result of matching the device information of thesecond network device with the match condition information.

In a specific embodiment, the first network device 801 may be thenetwork device B in FIG. 1 , and the third network device 802 may be thenetwork device A in FIG. 1 . The first network device 801 may be thefirst network device in the embodiment shown in FIG. 2 . The firstnetwork device 801 may be the first network device in the embodimentshown FIG. 3 , and the third network device 802 may be the third networkdevice in the embodiment shown in FIG. 3 . The first network device 801may be the network device 400 in the embodiment shown FIG. 4 , or thefirst network device 801 may be the network device 600 in the embodimentshown in FIG. 6. For specific content related to the first networkdevice 801, refer to any one of the foregoing embodiments. Details arenot described herein again. The third network device 802 may be thenetwork device 500 in the embodiment shown FIG. 5 , or the third networkdevice 802 may be the network device 700 in the embodiment shown in FIG.7 . For specific content related to the third network device 802, referto any one of the foregoing embodiments. Details are not describedherein again.

In the packet processing system 800 in this embodiment of the presentinvention, the third network device 802 generates the packet thatincludes the match object information and the match conditioninformation, and sends the packet to the first network device 801; andthe first network device 801 determines a to-be-matched network deviceby using the match object information included in the packet, and thenmatches device information of the to-be-matched network device with thematch condition information in the packet, so as to perform forwardingprocessing or discarding processing on the packet according to a matchresult. The first network device 801 needs to send the packet only to aspecific device, and does not need to flood the packet in a network.Therefore, the packet is prevented from being flooded in the networkwithout a purpose, so that excessive occupation of network bandwidth canbe reduced, and network resources can be saved.

In the embodiments of the present invention, “first” in the mentionedfirst network device or first group of match information is only used asa name identifier, and does not mean being the first in a sequence. Thisrule is also applicable to “second” or “third”.

Persons of ordinary skill in the art may understand that all or some ofthe steps of the method embodiments may be implemented by a programinstructing relevant hardware. The program may be stored in a computerreadable storage medium. When the program runs, the steps of the methodembodiments are performed. The storage medium includes: any medium thatcan store program code, such as a ROM, a RAM, a magnetic disk, or anoptical disc.

Finally, it should be noted that the foregoing embodiments are onlyintended for describing the technical solutions of the presentinvention, but not for limiting the present invention. Although thepresent invention is described in detail with reference to the foregoingembodiments, persons of ordinary skill in the art should understand thatthey may still make modifications to the technical solutions describedin the foregoing embodiments or make equivalent replacements to sometechnical features thereof, without departing from the scope of thetechnical solutions of the embodiments of the present invention.

What is claimed is:
 1. A packet processing method, comprising:receiving, by a first network device, a packet, wherein the packetcomprises match object information and match condition information;determining, by the first network device, a to-be-matched second networkdevice among one or more network devices according to the match objectinformation; matching, by the first network device, device informationof the second network device with the match condition information,wherein the device information of the second network device matchesdevice performance information of the first network device and thedevice performance information is either information about a forwardingcapability or a capacity capability of a network device; and performing,by the first network device, forwarding processing or discardingprocessing on the packet according to a match result of matching thedevice information of the second network device with the match conditioninformation.
 2. The method according to claim 1, wherein the secondnetwork device is a neighboring device of the first network device, andcorrespondingly, the matching, by the first network device, the deviceinformation of the second network device with the match conditioninformation further comprises: matching, by the first network device,device information of the neighboring device of the first network devicewith the match condition information.
 3. The method according to claim2, wherein performing, by the first network device, the forwardingprocessing on the packet according to the match result of matching thedevice information of the second network device with the match conditioninformation further comprises: when determining that a neighboringdevice that is of the first network device and that matches the matchcondition information exists, forwarding, by the first network device,the packet to the neighboring device that is of the first network deviceand that matches the match condition information; and whereinperforming, by the first network device, the discarding processing onthe packet according to the match result of matching the deviceinformation of the second network device with the match conditioninformation further comprises: when determining that no neighboringdevice that is of the first network device and that matches the matchcondition information exists, performing, by the first network device,discarding processing on the packet.
 4. The method according to claim 2,wherein the packet further comprises action entry information and: whenthe device information of the second network device matches the matchcondition information, a processing manner of the first network devicefor the packet is a processing manner of forwarding processing; andcorrespondingly, performing, by the first network device, the forwardingprocessing on the packet according to the match result of matching thedevice information of the second network device with the match conditioninformation further comprises: when determining that a neighboringdevice that is of the first network device and that matches the matchcondition information exists, forwarding, by the first network deviceaccording to the action entry information, the packet to the neighboringdevice that is of the first network device and that matches the matchcondition information; and when no second network device that matchesthe match condition information exists, a processing manner of the firstnetwork device for the packet is a processing manner of discardingprocessing; and correspondingly, performing, by the first networkdevice, the discarding processing on the packet according to the matchresult of matching the device information of the second network devicewith the match condition information further comprises: when determiningthat no neighboring device that is of the first network device and thatmatches the match condition information exists, performing, by the firstnetwork device, discarding processing on the packet according to theaction entry information.
 5. The method according to claim 1, whereinthe second network device is the first network device, andcorrespondingly, the matching, by the first network device, the deviceinformation of the second network device with the match conditioninformation further comprises: matching, by the first network device,device information of the first network device with the match conditioninformation.
 6. The method according to claim 5, wherein performing, bythe first network device, the forwarding processing on the packetaccording to the match result of matching the device information of thesecond network device with the match condition information furthercomprises: when determining that the device information of the firstnetwork device matches the match condition information, forwarding, bythe first network device, the packet to at least one neighboring deviceof the first network device.
 7. The method according to claim 5, whereinperforming, by the first network device, the discarding processing onthe packet according to the match result of matching the deviceinformation of the second network device with the match conditioninformation further comprises: when determining that the deviceinformation of the first network device does not match the matchcondition information, performing, by the first network device, thediscarding processing on the packet.
 8. The method according to claim 5,wherein the packet further comprises action entry information and whenthe device information of the second network device matches the matchcondition information, a processing manner of the first network devicefor the packet is a processing manner of forwarding processing; andcorrespondingly, performing, by the first network device, the forwardingprocessing on the packet according to the match result of matching thedevice information of the second network device with the match conditioninformation further comprises: when determining that the deviceinformation of the first network device matches the match conditioninformation, forwarding, by the first network device, the packet to atleast one neighboring device of the first network device according tothe action entry information; and when the device information of thesecond network device does not match the match condition information, aprocessing manner of the first network device for the packet is aprocessing manner of discarding processing; and correspondingly,performing, by the first network device, the discarding processing onthe packet according to the match result of matching the deviceinformation of the second network device with the match conditioninformation further comprises: when determining that the deviceinformation of the first network device does not match the matchcondition information, performing, by the first network device,discarding processing on the packet according to the action entryinformation.
 9. The method according to claim 1, wherein the packetfurther comprises intent information, the intent information comprisesnetwork policy information, and the method further comprises: executing,by the first network device according to the intent information, anetwork policy corresponding to the network policy information.
 10. Themethod according to claim 1, wherein the match condition informationcomprises at least two types of device information, the packet furthercomprises an indication flag, the indication flag is used to instructthe first network device to select device information between which andthe device information of the second network device matching is to beperformed, and the selected device information is device performanceinformation.
 11. The method according to claim 1, wherein the packetfurther comprises a first group of match information and a second groupof match information, the first group of match information and thesecond group of match information each comprise match object informationand match condition information, and correspondingly, the packet furthercomprises a match indication flag, wherein the match indication flag isused to instruct the first network device to use the first group ofmatch information and the second group of match information, or thematch indication flag is used to instruct to: when match conditioninformation in at least two groups of match information is matched,select a processing manner corresponding to the matched match conditioninformation to process the packet.
 12. A first network device,comprising: a memory, a processor, and a network interface, wherein thememory, the processor, and the network interface are connected to eachother by using a bus, the memory is configured to store a group ofprogram instructions, and the processor is configured to invoke theprogram instruction stored in the memory to perform the followingoperations: triggering the network interface to receive a packet,wherein the packet comprises match object information and matchcondition information; determining a to-be-matched second network deviceamong one or more network devices according to the match objectinformation, and matching device information of the second networkdevice with the match condition information, wherein the deviceinformation of the second network device matches device performanceinformation of the first network device and the device performanceinformation is either information about a forwarding capability or acapacity capability of a network device; and performing forwardingprocessing or discarding processing on the packet according to a matchresult of matching the device information of the second network devicewith the match condition information.
 13. The first network deviceaccording to claim 12, wherein the to-be-matched second network devicedetermined by the processor is a neighboring device of the first networkdevice, configuring the processor to match the device information of thesecond network device with the match condition information furthercomprises: match device information of the neighboring device of thefirst network device with the match condition information.
 14. The firstnetwork device according to claim 13, wherein configuring the processorto perform the forwarding processing on the packet according to thematch result further comprises: when it is determined that a neighboringdevice that is of the first network device and that matches the matchcondition information exists, forward the packet to the neighboringdevice that is of the first network device and that matches the matchcondition information.
 15. The first network device according to claim14, wherein configuring the processor to perform the discardingprocessing on the packet according to the match result furthercomprises: when it is determined that the device information of thefirst network device does not match the match condition information,perform the discarding processing on the packet.
 16. The first networkdevice according to claim 13, wherein configuring the processor toperform the discarding processing on the packet according to the matchresult of matching the device information of the second network devicewith the match condition information further comprises: when it isdetermined that no neighboring device that is of the first networkdevice and that matches the match condition information exists, performthe discarding processing on the packet.
 17. The first network deviceaccording to claim 12, wherein the second network device determined bythe processor is the first network device, and configuring the processorto match the device information of the second network device with thematch condition information further comprises: match device informationof the first network device with the match condition information. 18.The first network device according to claim 17, wherein configuring theprocessor to perform the forwarding processing on the packet accordingto the match result further comprises: when it is determined that thedevice information of the first network device matches the matchcondition information, forward the packet to at least one neighboringdevice of the first network device.